I'm working on a risk management process for medical device software development and have a question re risk acceptability. In clause 4.3 of IEC 62304:2006 AMD1:2015, software is classified as B or C if it results in "unacceptable risk." It doesn't state that the unacceptable risk must be mitigated as long as the category B or C is used in the development process. However, under ISO 14971, if we analyze the same software risks as in our safety classification, using the same criteria for risk acceptability, then any unacceptable risk must be mitigated through risk controls or redesign. So, how in practice could any software be left at a B or C safety class if the "unacceptable" risk must be mitigated under ISO 14971 requirements? It seems like a bit of a conundrum.